Gentoo Archives: gentoo-commits

From: "Alexey Shvetsov (alexxy)" <alexxy@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in media-libs/tiff-compat/files: tiff-3.9.4-CVE-2011-1167.patch tiff-3.9.4-CVE-2011-0192.patch
Date: Tue, 12 Jul 2011 21:54:33
Message-Id: 20110712215423.52DCF20051@flycatcher.gentoo.org
1 alexxy 11/07/12 21:54:23
2
3 Added: tiff-3.9.4-CVE-2011-1167.patch
4 tiff-3.9.4-CVE-2011-0192.patch
5 Log:
6 [media-libs/tiff-compat] Initial import from science overlay
7
8 (Portage version: 2.2.0_alpha43/cvs/Linux x86_64)
9
10 Revision Changes Path
11 1.1 media-libs/tiff-compat/files/tiff-3.9.4-CVE-2011-1167.patch
12
13 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/tiff-compat/files/tiff-3.9.4-CVE-2011-1167.patch?rev=1.1&view=markup
14 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/tiff-compat/files/tiff-3.9.4-CVE-2011-1167.patch?rev=1.1&content-type=text/plain
15
16 Index: tiff-3.9.4-CVE-2011-1167.patch
17 ===================================================================
18 Index: ChangeLog
19 ===================================================================
20 RCS file: /cvs/maptools/cvsroot/libtiff/ChangeLog,v
21 retrieving revision 1.602.2.130
22 diff -r1.602.2.130 ChangeLog
23 0a1,7
24 > 2011-03-12 Frank Warmerdam <warmerdam@×××××.com>
25 >
26 > * libtiff/tif_thunder.c: Correct potential buffer overflow with
27 > thunder encoded files with wrong bitspersample set. The libtiff
28 > development team would like to thank Marin Barbella and TippingPoint's
29 > Zero Day Initiative for reporting this vulnerability (ZDI-CAN-1004).
30 >
31 Index: libtiff/tif_thunder.c
32 ===================================================================
33 RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_thunder.c,v
34 retrieving revision 1.5.2.1
35 diff -r1.5.2.1 tif_thunder.c
36 27a28
37 > #include <assert.h>
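Review bot: The `#include <assert.h>` added at 27a28 is not used by anything visible in this patch; none of the added lines calls `assert`. Either drop the include or add the assertion it was meant to support.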
38 58,62c59,65
39 < #define SETPIXEL(op, v) { \
40 < lastpixel = (v) & 0xf; \
41 < if (npixels++ & 1) \
42 < *op++ |= lastpixel; \
43 < else \
44 ---
45 > #define SETPIXEL(op, v) { \
46 > lastpixel = (v) & 0xf; \
47 > if ( npixels < maxpixels ) \
48 > { \
49 > if (npixels++ & 1) \
50 > *op++ |= lastpixel; \
51 > else \
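Review bot: The new guard in SETPIXEL, `if ( npixels < maxpixels )`, reads `maxpixels` from the enclosing scope instead of taking it as a macro argument, and it discards out-of-range pixels silently. Because `npixels++` now sits inside the guard, the counter stops at `maxpixels`, so the caller cannot tell from `npixels` that excess pixel data was present. Suggest documenting above the macro that it requires `npixels`, `maxpixels` and `lastpixel` as locals, and recording the discarded writes somewhere the decoder can turn into an error. Note also that the opening `{` added here is only closed by the first line of the next hunk, so the two hunks have to be applied together.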
52 63a67,84
53 > } \
54 > }
55 >
56 > static int
57 > ThunderSetupDecode(TIFF* tif)
58 > {
59 > static const char module[] = "ThunderSetupDecode";
60 >
61 > if( tif->tif_dir.td_bitspersample != 4 )
62 > {
63 > TIFFErrorExt(tif->tif_clientdata, module,
64 > "Wrong bitspersample value (%d), Thunder decoder only supports 4bits per sample.",
65 > (int) tif->tif_dir.td_bitspersample );
66 > return 0;
67 > }
68 >
69 >
70 > return (1);
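Review bot: ThunderSetupDecode carries no comment saying why only 4 bits per sample is accepted; a single line pointing at SETPIXEL, which masks with `0xf` and packs two pixels per byte, would make the check self-explanatory. Smaller points in the same function: the error string reads "4bits per sample" and needs a space, `return 0;` and `return (1);` use different styles, and there are two consecutive blank lines before the final return.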
71 145c166,167
72 < return (1);
73 ---
74 >
75 > return (1);
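Review bot: The change at 145c166,167 only inserts a blank line in front of an unchanged `return (1);`. Whitespace-only churn in a security patch makes the fix harder to audit and to rebase; suggest dropping this hunk.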
76 153a176
77 > tif->tif_setupdecode = ThunderSetupDecode;
78 165a189
79 >
80
81
82
83 1.1 media-libs/tiff-compat/files/tiff-3.9.4-CVE-2011-0192.patch
84
85 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/tiff-compat/files/tiff-3.9.4-CVE-2011-0192.patch?rev=1.1&view=markup
86 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/tiff-compat/files/tiff-3.9.4-CVE-2011-0192.patch?rev=1.1&content-type=text/plain
87
88 Index: tiff-3.9.4-CVE-2011-0192.patch
89 ===================================================================
90 Index: libtiff/tif_fax3.h
91 ===================================================================
92 RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_fax3.h,v
93 retrieving revision 1.7
94 retrieving revision 1.9
95 diff -r1.7 -r1.9
96 480a481,486
97 > if (b1 <= (int) (a0 + TabEnt->Param)) { \
98 > if (b1 < (int) (a0 + TabEnt->Param) || pa != thisrun) { \
99 > unexpected("VL", a0); \
100 > goto eol2d; \
101 > } \
102 > } \
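Review bot: The check added at 480a481,486 has no comment explaining its two-level condition, and it evaluates `(int) (a0 + TabEnt->Param)` twice. As written, `b1` below that sum is always rejected, and `b1` equal to it is rejected unless `pa == thisrun`; a one-line comment saying so, and a single combined condition or a temporary for the sum, would make the intent reviewable. The macro also depends on `b1`, `a0`, `pa`, `thisrun` and the `eol2d` label from the expansion site, which is worth stating next to the check.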